Lucene search

K

Goolytics – Simple Google Analytics Security Vulnerabilities

redhatcve
redhatcve

CVE-2024-36286

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0...

6.9AI Score

0.0004EPSS

2024-06-21 07:52 PM
hackread
hackread

AdsExhaust Adware Distributed in Fake Oculus Installer via Google Search

New adware "AdsExhaust" disguises itself as an Oculus installer to steal screenshots, generate fake clicks, and drain resources. Learn how to protect yourself from AdsExhaust and similar...

7.3AI Score

2024-06-21 05:05 PM
6
osv
osv

CGA-w3h9-h7jv-6q22

Bulletin has no...

4.4CVSS

4.5AI Score

0.0004EPSS

2024-06-21 04:23 PM
osv
osv

CGA-r6qh-9mxv-rrj2

Bulletin has no...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-21 04:23 PM
osv
osv

CGA-8gvh-h9r4-wc5v

Bulletin has no...

4.3CVSS

4.7AI Score

0.0005EPSS

2024-06-21 04:22 PM
osv
osv

CGA-p79x-5pxg-f77m

Bulletin has no...

5.6CVSS

5.4AI Score

0.0004EPSS

2024-06-21 04:22 PM
osv
osv

CGA-6hxx-3pwx-j6mh

Bulletin has no...

7.5CVSS

6.7AI Score

0.002EPSS

2024-06-21 04:22 PM
1
osv
osv

CGA-2vvm-h2g8-jrwc

Bulletin has no...

4.4CVSS

4.5AI Score

0.0004EPSS

2024-06-21 04:22 PM
osv
osv

Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control....

2.7CVSS

3.5AI Score

0.0004EPSS

2024-06-21 03:52 PM
1
osv
osv

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

9.8CVSS

7AI Score

0.001EPSS

2024-06-21 03:15 PM
1
osv
osv

CVE-2024-6239

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of...

7.5CVSS

6.6AI Score

0.0005EPSS

2024-06-21 02:15 PM
1
osv
osv

CGA-q5hm-r52v-wgmm

Bulletin has no...

4.3CVSS

4.8AI Score

0.0005EPSS

2024-06-21 01:04 PM
2
thn
thn

Military-themed Email Scam Spreads Malware to Infect Pakistani Users

Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the....

7.2AI Score

2024-06-21 01:01 PM
14
osv
osv

CGA-r7v2-xp2f-mjxf

Bulletin has no...

7.2AI Score

2024-06-21 12:04 PM
osv
osv

CGA-2j83-3mrr-q3pc

Bulletin has no...

4.3CVSS

4.8AI Score

0.0005EPSS

2024-06-21 12:04 PM
1
osv
osv

CGA-pfrr-qxjv-xmf4

Bulletin has no...

3.7CVSS

4.3AI Score

0.0004EPSS

2024-06-21 12:04 PM
1
talosblog
talosblog

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the...

7.5AI Score

2024-06-21 12:00 PM
5
talosblog
talosblog

SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...

7AI Score

2024-06-21 12:00 PM
4
nvd
nvd

CVE-2024-38636

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...

0.0004EPSS

2024-06-21 11:15 AM
3
debiancve
debiancve

CVE-2024-38636

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...

6.8AI Score

0.0004EPSS

2024-06-21 11:15 AM
1
cve
cve

CVE-2024-38636

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...

6.4AI Score

0.0004EPSS

2024-06-21 11:15 AM
19
cve
cve

CVE-2024-36286

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0...

6.5AI Score

0.0004EPSS

2024-06-21 11:15 AM
15
nvd
nvd

CVE-2024-36286

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0...

0.0004EPSS

2024-06-21 11:15 AM
debiancve
debiancve

CVE-2024-36286

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0...

7AI Score

0.0004EPSS

2024-06-21 11:15 AM
vulnrichment
vulnrichment

CVE-2024-38636 f2fs: multidev: fix to recognize valid zero block address

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...

6.8AI Score

0.0004EPSS

2024-06-21 10:18 AM
2
cvelist
cvelist

CVE-2024-38636 f2fs: multidev: fix to recognize valid zero block address

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...

0.0004EPSS

2024-06-21 10:18 AM
3
cvelist
cvelist

CVE-2024-36286 netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0...

0.0004EPSS

2024-06-21 10:18 AM
1
thn
thn

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious...

7.5AI Score

2024-06-21 09:51 AM
11
osv
osv

FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass

An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-21 09:30 AM
3
osv
osv

events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-21 09:30 AM
1
osv
osv

CGA-p2qq-w8qw-6vjp

Bulletin has no...

7.2AI Score

2024-06-21 09:04 AM
osv
osv

CGA-hv8x-jmgj-fp3m

Bulletin has no...

7.2AI Score

EPSS

2024-06-21 08:04 AM
2
osv
osv

CGA-hm7p-55gr-6rwf

Bulletin has no...

7.5CVSS

7.2AI Score

0.002EPSS

2024-06-21 08:04 AM
osv
osv

CGA-xw46-g57p-x8jh

Bulletin has no...

8.8CVSS

7.2AI Score

0.002EPSS

2024-06-21 08:04 AM
osv
osv

CGA-6qmv-w6v4-7g8w

Bulletin has no...

6.1CVSS

6.7AI Score

0.003EPSS

2024-06-21 08:04 AM
1
osv
osv

CGA-ggfp-f887-7www

Bulletin has no...

6.5CVSS

6.7AI Score

0.001EPSS

2024-06-21 08:04 AM
osv
osv

CGA-4qv7-4gh9-g2pj

Bulletin has no...

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-21 08:04 AM
1
osv
osv

CGA-2974-f63r-wqfr

Bulletin has no...

8.8CVSS

8.7AI Score

0.001EPSS

2024-06-21 08:04 AM
osv
osv

CGA-xg53-gr2g-vffm

Bulletin has no...

8.8CVSS

8.7AI Score

0.001EPSS

2024-06-21 08:04 AM
osv
osv

CGA-fh4x-g9g6-mcx4

Bulletin has no...

8.8CVSS

8.7AI Score

0.001EPSS

2024-06-21 08:04 AM
1
osv
osv

CGA-93gv-hv4c-83gx

Bulletin has no...

7.4CVSS

6.7AI Score

0.003EPSS

2024-06-21 08:04 AM
1
osv
osv

CGA-5xfh-j46h-x23q

Bulletin has no...

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-21 08:04 AM
osv
osv

CGA-qfjm-7vpv-9jgw

Bulletin has no...

7.5CVSS

6.6AI Score

0.02EPSS

2024-06-21 08:04 AM
osv
osv

CGA-p6hq-rr8r-gjcp

Bulletin has no...

8.8CVSS

8.7AI Score

0.001EPSS

2024-06-21 08:04 AM
osv
osv

BIT-kibana-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

4.9CVSS

5.1AI Score

0.0004EPSS

2024-06-21 07:23 AM
osv
osv

BIT-elk-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

4.9CVSS

5.1AI Score

0.0004EPSS

2024-06-21 07:17 AM
osv
osv

ClassGraph XML External Entity Reference

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...

6.5AI Score

0.0004EPSS

2024-06-21 06:31 AM
cve
cve

CVE-2024-4755

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8CVSS

5.4AI Score

0.0004EPSS

2024-06-21 06:15 AM
18
nvd
nvd

CVE-2024-4755

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8CVSS

0.0004EPSS

2024-06-21 06:15 AM
2
osv
osv

CVE-2021-47621

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...

6.5AI Score

0.0004EPSS

2024-06-21 06:15 AM
Total number of security vulnerabilities304786